From d5635cff4df9f7e6628e2e5d5bfe47d81b9d9d32 Mon Sep 17 00:00:00 2001
From: Andrew Millington <andrew@noexceptions.io>
Date: Thu, 8 Mar 2018 18:28:51 +0000
Subject: [PATCH] Minor changes to changelog text

---
 installation.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/installation.md b/installation.md
index 91eab07b..83286be4 100755
--- a/installation.md
+++ b/installation.md
@@ -58,10 +58,10 @@ The `AuthorizationServer` accepts two kinds of encryption keys, a `string` passw
 
 ### `string` password
 
-A `string` password is of unknown strength, to turn it into a strong encryption key the [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) key derivation function is used.
-This function derives an encryption key from a password and is slow by design, aimed to reduce vulnerability to brute force attacks.
+A `string` password can be of variable strength depending on the password used. To turn it into a strong encryption key the [PBKDF2](https://en.wikipedia.org/wiki/PBKDF2) key derivation function is used.
+This function derives an encryption key from a password and is slow by design. It uses a lot of CPU resources for a fraction of a second, applying key stretching to the password to reduce vulnerability to brute force attacks.
 
-To generate a `string` password for the `AuthorizationServer` run the following command in the terminal:
+To generate a `string` password for the `AuthorizationServer`, you can run the following command in the terminal:
 
 ~~~ shell
 php -r 'echo base64_encode(random_bytes(32)), PHP_EOL;'